step-security · sailikhith-stepsecurity · Oct 30, 2025 · Oct 30, 2025
diff --git a/remediation/workflow/pin/pinactions.go b/remediation/workflow/pin/pinactions.go
@@ -3,6 +3,7 @@ package pin
 import (
 	"context"
 	"fmt"
+	"log"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -67,6 +68,7 @@ func PinAction(action, inputYaml string, exemptedActions []string, pinToImmutabl
 	PAT := os.Getenv("SECURE_REPO_PAT")
 	if PAT == "" {
 		PAT = os.Getenv("PAT")
+		log.Println("SECURE_REPO_PAT is not set, using PAT")
 	}
 
 	ctx := context.Background()

diff --git a/remediation/workflow/secureworkflow_test.go b/remediation/workflow/secureworkflow_test.go
@@ -217,7 +217,6 @@ func TestSecureWorkflow(t *testing.T) {
 	}{
 		{fileName: "replaceactions.yml", wantPinnedActions: true, wantAddedHardenRunner: true, wantAddedPermissions: false, wantAddedMaintainedActions: true},
 		{fileName: "allscenarios.yml", wantPinnedActions: true, wantAddedHardenRunner: true, wantAddedPermissions: true},
-		// {fileName: "missingaction.yml", wantPinnedActions: true, wantAddedHardenRunner: true, wantAddedPermissions: false},
 		{fileName: "nohardenrunner.yml", wantPinnedActions: true, wantAddedHardenRunner: false, wantAddedPermissions: true},
 		{fileName: "noperms.yml", wantPinnedActions: true, wantAddedHardenRunner: true, wantAddedPermissions: false},
 		{fileName: "nopin.yml", wantPinnedActions: false, wantAddedHardenRunner: true, wantAddedPermissions: true},